Proactive Approach To Cybersecurity: Recent SEC guidance and enforcement actions suggest that reactive firms may be in the SEC’s crosshairs

Morgan Lewis
Contact

In an environment where even the largest and most powerful corporations have fallen victim to data breaches, it can be challenging to fathom how to protect against the sophisticated and ever-evolving threat of cyber attacks. The US Securities and Exchange Commission (SEC) and other regulatory law enforcers are making clear that companies, broker-dealers, financial advisers, and others must make cybersecurity—both before and after an incident—a priority. The failure to take proactive measures, such as establishing and implementing written cybersecurity policies and procedures, can result in actionable conduct, even in instances without a cyber attack. When a firm experiences a data breach, not only are there significant business consequences, but the breach also increases the risk that regulators will evaluate the firm’s cybersecurity policies and initiate an enforcement review.

The SEC signaled its heightened degree of scrutiny on cybersecurity preparedness by issuing its second Office of Compliance Inspections and Examinations (OCIE) Risk Alert. OCIE noted that the 2015 initiative will focus more on evaluating a firm’s implementation of its cybersecurity policies or procedures. This Risk Alert, combined with the SEC’s past cybersecurity guidance, emphasizes the SEC’s position on firms being proactive instead of reactive. Given that OCIE is intending to actually test and evaluate each examined firm’s implementation of its cybersecurity systems, the findings for this round of examinations are more likely to result in significant compliance deficiencies and, potentially, enforcement actions. In light of the SEC’s recent actions and public statements, it is clear that cybersecurity is a concern that all firms, irrespective of size, must proactively address by developing controls and procedures reasonably designed to detect and prevent cyber attacks.

Please see full publication below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morgan Lewis | Attorney Advertising

Written by:

Morgan Lewis
Contact
more
less

Morgan Lewis on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide